Problem: A well-defined group of people who used to work at a single location would pass around pieces of paper containing confidential information so group members could comment and expand on them. Since COVID they find it hard to get together in one place and, since every member has a computer, they would like to do it online. But confidentiality remains very important, along with the integrity of the information. What can they do?
Possible solutions:
- Server within a local network.
This is best from the security viewpoint, since outsiders will not have access to the shared content if the network firewall is correctly set up. Group members outside the physical reach of the network can connect via VPN or get files via HTTPS after authentication. Hardware installation can be minimal, consisting of a single computer with storage, or a dedicated Network Attached Storage (NAS) unit. Files to be shared can be put in dedicated folders and subfolders, and users can modify them as if they were on their own machines. But integrity can be a problem. What if the server suffers a crash? What if there is a fire or a flood? Regular backups are a must, and they are easily forgotten unless one person is dedicated to the task. That person’s time, along with the required hardware and maintenance, represents a cost. There is also a skill factor to be considered. A local solution can be hacked or hit by ransomware more easily, since it usually takes just one person’s mistake to compromise the whole system.
- “Cloud” File Sharing provider
Putting the files “in the Cloud” (actually, someone else’s for-profit server connected to the Internet). This should take care of the skill factor as well as maintenance and backups, for a reasonable fee. Downtime should be minimal if they know what they are doing. Ransomware attacks seem to be largely unsuccessful against professional file sharing services. On the other hand, the service provider usually can see the content of your files, which is a large liability in the event of a hack or a secret request by the authorities (this can be, and has been, abused). That is, unless the files at the server are encrypted and the provider does not have the key, what they call “zero knowledge” encryption. Most providers, such as Google Drive and Dropbox, do not encrypt the data in this way. But a few providers do advertise encryption, for instance:
Mega.nz. This service makes “security” the center of its advertising. They say user files are encrypted at the client, so they can never decrypt them even if they wanted to. But the encryption key is derived, by a hash operation performed at the client, from the user’s login password, which they obviously know. While reversing this hash is very difficult in principle, there have been reports of people successfully getting in and messing with users’ files. They do allow files to be shared between users, which implies a decryption and re-encryption for the user the file is shared with, performed using a protocol involving RSA keys that has been much criticized.
pCloud.com. Their file spaces include a “Crypto Folder” whose contents are accessible only after entering a special Password separate from the login password. They say the files within that folder are encrypted at the client, using that Password which the server never sees. I tend to believe this is true, though there is no way to make sure. Neither the Crypto folder nor its files can be shared to other users, likely because they are not expected to have the key needed for decryption, which is derived from the owner’s special Password. So, in order to use this folder from this provider, the group would have to direct all its members to use the same account. In my tests, I did manage to be logged in four times simultaneously from different browsers on the same machine, and also from three different machines. I doubt that they would allow ten simultaneous logins but it might be worth the test.
Sync.com. (this link earns me some bonus storage, so please use it ;-). This relative newcomer is a lot like Mega.nz, in that all its storage is encrypted with “zero knowledge”, but it seems to be competing with pCloud instead. After some tests, I like Sync.com a lot better because you can share supposedly encrypted data with other users, or even with people outside the user base, whereas pCloud cannot share what is in their Crypto folder. This indicates the use of public key cryptography, as in Mega.nz. I found some details on what’s under the hood here. Sadly, I have not been able to find any independent review, which is concerning (it uses RSA-2048, as also mentioned here, but Mega.nz also uses RSA and has lots of problems with that). For all I know, it could have the same problems as Mega.nz.
OneDrive by Microsoft. This is part of their Office365 plans, but it can also be contracted separately. They talk about “encryption”, but this is only for use on mobile devices, in case they get stolen. It is obvious, therefore, that files at Microsoft servers are not encrypted. This allows them to be shared easily, and also opened in the Web versions of Office apps, which the two services mentioned above cannot do; the most they can do is show file contents as view-only. Files in pCloud’s Crypto folder cannot even be viewed, only downloaded (they are decrypted locally so they are retrieved in plain form).
Encryption is hard to do, especially if you want to share files between users. Mega takes a stab at it but it seems to fall short. But observe that those services that offer decent “zero knowledge” encryption do it at the client anyway. This leads to a third possible solution.
- “Cloud” storage plus local encryption.
In this case you can use whichever file sharing service you like, because they are never going to see your content in plain form. You will have a separate app, which can run in your browser or be totally independent of it, to do encryption and decryption of files, and then you’ll upload to or download from the service manually. Nearly foolproof, but it takes some extra mouse clicks and some training to do it correctly. Encryption can take two forms, depending on the type of key used:
- Symmetric key, which all group members know. File sharing is not a problem at all, even if users have separate accounts on the sharing service. This is the easiest, but user management becomes a problem when a member leaves the group, since this user cannot instantly forget the encryption key or password, which is the same for all users. There is also a problem getting the key to a new group member who cannot be physically at the same location as another group member in order to get that precious key securely. This kind of encryption can be done quite readily with a local app, such as the free Cryptomator, which also sends and retrieves files seamlessly with Google Drive and Dropbox.
- Public keys, where each group member has his/her own private key or password, which is never revealed to the rest. They can use a utility such as PassLok, by yours truly, or the recently developed and simpler GroupEncrypt (link downloads a zip file to install on a Web server or run locally from file). Like PassLok, GroupEncrypt is open source, and it can be found at https://github.com/fruiz500/GroupEncrypt. The main challenge is learning how to use the encryption program, which is why I designed GroupEncrypt for utter simplicity, with only a box to enter your Password plus two optional buttons.
To use GroupEncrypt, decompress its zip archive to your hard drive and double-click the index.html file, which will open it in your default browser. It may contain some dummy group members, which does not matter at first. Choose a good Password and type it in, then hit Return or the Accept button. Check the first box in order to display your public key. Copy it and send it to your group Administrator. He or she will collect the public keys from all the group members and update the GroupKeys.json file on the server, if that is how the group members access the app; if they run it locally instead, each member puts the updated file in the same folder where index.html resides and reloads the app. Every time you want to put a file in shared storage (it doesn’t matter which service), load it into the GroupEncrypt app first by dragging it onto its large box. It will be encrypted, given the extension .crypt, and placed in your Downloads folder. Then you can upload that to the shared folder. Check that all files in that folder have the extension .crypt and replace any offending files with their encrypted versions if that is not the case (any group member can do it). To get a file from online storage, first download it from the service, then drag it to the GroupEncrypt app (after typing your Password there and loading the Folder Key, if needed), and the original plain file will end up in your Downloads folder next to the encrypted one.
I am thinking of coming up with an extension to attach GroupEncrypt to Google Drive and other popular online file sharing services, but that would be a lot of work because programmatic access to the files is different for each service. You do a little more moving and dragging files with the current simple app, but it works with every service.
Go ahead and try GroupEncrypt with some files of your own. The version in the zip file includes three group members in the GroupKeys.js file, named Alice, Bob, and Carol. Their Passwords are “Hi, I’m Alice”, “Hi, I’m Bob”, and “Hi, I’m Carol” respectively, all without quotes. There is also a former member named Adam (guess his Password) so files encrypted by him can still be decrypted, but the app won’t encrypt anything for him anymore. You can make him active again by removing the dollar sign prepended to his name in the file. There is also an entry that is actually a list containing Alice and Carol. Although the default is to encrypt files for all members, it is also possible to select individual members or groups by revealing a hidden input via a checkbox. Would-be Administrators should click the spot that reveals some technical details.